IPv6 DS-Lite User Connecting to ME60 Failed to Access Websites and No NAT Session Was Generated

The ME60 ran IPv6 R6C00 and housed a CGN board to terminate DS-Lite tunnels. The ONT worked in routing mode, initiated the DS-Lite tunnels, and was manually configured with the AFTR domain name WWW.AFTR.com. The WAN interface on the ONT could obtain an IPv6 address and allocate an IPv4 address to the PC properly.

Symptom: The PC failed to access websites and no NAT session was generated on the ME60. The ME60 showed that the ONT dialed up properly; correct public and private addresses and interface range were allocated to the PC; the DS-Lite tunnel table entries were normal.

Handling Process

The DS-Lite services in distributed mode are processed as follows:

1. The ME60 allocates an IPv6 address to the ONT WAN interface. The ONT allocates an IPv4 private address to the PC.

2. After detecting that user dialing up completes, the ME60 creates a tunnel table entry, which records the mapping between the IPv6 address of the ONT WAN interface and NAT, and reserves a public IPv4 address and interface range for the PC.

3. Before the PC uses its IPv4 private address to access IPv4 services on the public network, DNS resolution is performed. Upon receiving the data packets from the PC, the ONT encapsulates them into IPv6 DNS packets through the WAN interface (the source address of the IPv6 DNS packets is the WAN interface address; the destination address is the DNS server IPv6 address; the DNS packets carry request for resolving the IPv4 domain name), and sends them to the DNS server. The DNS server then returns the DNS resolution result through IPv6 packets to the ONT. The ONT sends the DNS resolution result to the PC. The PC obtains the domain name of the corresponding website and sends an access request packet.

4. The ONT encapsulates an IPv6 header into the access request packet so that the destination address of the packet becomes the AFTR address of the CGN board on the ME60, and transmits the packet over the IPv6 network to the CGN board. The CGN board strips the IPv6 packet header and performs NAT translation.

Huawei performed the following operations to address the problem:

1. Concluded that address configurations on the ME60 were correct as addresses were properly allocated.

2. Checked DS-Lite configurations on the ME60.

The configurations were correct.

3. Found that the IPv6 network between the ME60 and the DNS server was unavailable. As a result, the ONT as the DNS proxy failed to communicate with the DNS server to obtain the actual address of the network to which the IPv4 website domain name corresponds. The PC therefore failed to access the website.

Root Cause

The IPv6 network between the ME60 and the DNS server was unavailable.

Solution

Preventive measure:

1. Configure a static IPv4 DNS server address on the PC. In this manner, the ONT forwards a packet carrying the DNS server address from the PC as a pure IPv4 packet because the DNS server address is not a private IPv4 gateway address. The ONT directly encapsulates an IPv6 header into the packet and sends it to the CGN AFTR address, saving step 3 in the preceding process.

2. Configure the CGN AFTR IPv6 address on the ONT. This saves step 4 in the preceding process.

Suggestions

1. Ensure that the network between the CGN and the DNS server is able to forward IPv6 packets. In the distributed mode, the ME60 automatically creates a DS-Lite table entry for the DS-Lite tunnel upon completion of user dialing up.

3. If all end-to-end configurations on ME60 are correct, focus on the service implementation procedure.